Design/Logic Flaw

2016-04-2215:59:00

PRIOn knowledge base

www.prio-n.com

8.1 High

AI Score

Confidence

Low

0.077 Low

EPSS

Percentile

94.2%

JSON

Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via an object with a revision number of -1 in a PDF document.

CPENameOperatorVersion
foxit_readerle7.3.0.118
phantompdfle7.3.0.118

CPE	Name	Operator	Version
	foxit_reader	le	7.3.0.118
	phantompdf	le	7.3.0.118

References

www.securityfocus.com/bid/85379

www.zerodayinitiative.com/advisories/ZDI-16-219

www.zerodayinitiative.com/advisories/ZDI-16-220

www.foxitsoftware.com/support/security-bulletins.php